package com.hopu.springbootdemo2.interceptor;

import com.hopu.springbootdemo2.exception.UserTokenException;
import com.hopu.springbootdemo2.util.JwtUtils;
import com.hopu.springbootdemo2.util.RsaUtils;
import org.springframework.http.HttpMethod;
import org.springframework.util.StringUtils;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * 验证用户token的拦截器
 */
public class UserTokenInterceptor implements HandlerInterceptor {

    //放行的白名单
    private static final String[] whiteList = {"login","register","upload"};

    //请求访问后台接口的前置处理
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        //对所有白名单放行
        for(String url : whiteList){
            if(request.getRequestURI().contains(url)){
                return true;
            }
        }
        // 解决跨域
        response.setHeader("Access-Control-Allow-Origin", request.getHeader("origin"));
        //该字段可选，是个布尔值，表示是否可以携带cookie
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT,DELETE");
        response.setHeader("Access-Control-Allow-Headers", "*");
        //如果是 OPTIONS 请求，让 OPTIONS 请求返回一个200状态码（解决获取不到token）
        if (HttpMethod.OPTIONS.toString().equals(request.getMethod())) {
            response.setStatus(HttpServletResponse.SC_OK);
            return false;
        }
        //获得请求头中token
        String token = request.getHeader("Authorization");
        if(StringUtils.isEmpty(token)){
            throw new UserTokenException("token为空");
        }
        //验证token
        try {
            String username = JwtUtils.getUsernameFromToken(token, RsaUtils.publicKey);
            System.out.println("解析成功 " + username);
            //true 放行 false 拦截
            return true;
        }catch (Exception ex){
            throw new UserTokenException("token解析失败");
        }
    }
}
